Description
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23345
exploitdb
WORKING POC
VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23344
exploitdb
WORKING POC
VERIFIED
by SNOSoft · textlocallinux
https://www.exploit-db.com/exploits/23346
References (4)
Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8989
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13633
Various Sources x_refsource_misc
http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt
Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/343804
Scores
EPSS
0.0005
EPSS Percentile
13.8%
Details
Status
published
Products (1)
ibm/db2
9.0
Published
Sep 28, 2004
Tracked Since
Feb 18, 2026